Pages

How To Secure Small Company Network By Cost View

Today , many small companies not able to buy expensive security devices like Firewall , so fault increase randomly in network security. The main issues here, how to increase the network security in small companies. I am going to giving you introduction about it, also tell you that how can you increase your company security by only making some enhancement in Router.
In this article , I am going to cover below write topic...

1. Context Based Access Control (CBAC)
2. IOS URL Filtering
3. Zone Based Firewall

I hope that after read my this article you will be able to build your company network smart.

Context Based Access Control

CBAC works as a true stateful inspection for IOS Router . Means CBAC used to protocol specific inspection in traffic flows going across the router and dynamically open holes for returning traffic.  Flow of the traffic is from Protected Network (inside of company) to the Unprotected Network (outside of company). When any packet of information gone inside to outside then it registered on the CBAC table and when packet come back then CBAC check the table and then allow or deny the return packet according to information of table . It's look like echo and echo-reply.
 For do this work in better way, CBAC uses the Access Control List (ACL). However , we use the Extended Access List with CBAC. CBAC can inspect generic TCP/UDP connections just to check integrity and open a hole for returning traffic.








I am showing you FTP Application Traffic inspection configuration:

R2(config)#ip inspect name INSPECT ftp
R2(config)#ip access-list INBOUND permit udp any any eq rip
R2(config)#int f0/1                    
R2(config-if)#ip access-group INBOUND in
R2(config-if)#ip inspect INSPECT out

There many use of CBAC , this is only introduction.

IOS URL FILTERING

Configure HTTP URL filtering for achieve below write goal…

1.Filter Java applet from http response.
      2.Filter URL using Websense Server service.
      3.Permit the DNS www.hackarde.com to be accessed at any time.

We will filter URL by using CBAC inspect rule. We need a URL filtering Server with CBAC configuration.  

We will be blocking Java Applet downloads from www.hackarde.com sites.

R2(config)# access-list 1 deny any
R2(config)#ip urlfilter server vendor websense 10.0.0.50

Going to activate Filtering:

R2(config)#ip inspect name INSPECT http java-list 1 urlfilter
R2(config)#ip urlfilter exclusive-domain permit hackarde.com
R2(config)#ip urlfilter allow-mode on
Apply it on Router R2 outside interface f0/1:
R2(config)#int  f0/1
R2(config-if)#ip inspect INSPECT in

Zone Based Firewall (ZFW)

Before the ZFW , the IOS firewall offered stateful inspection using the CBAC Feature (Told you about it already). The problem with CBAC is that traffic passing through the interface was subject to the same inspection policy. In ZFW , inspection can now applied on Zone Based model meant interface of IOS Router assigned to different Zone like INSIDE (Private Zone), OUTSIDE (Public Zone), and DMZ zone.






In above picture, I am showing you that R2 Router works as IOS Firewall and his interface Fa0/0 woks in PRIVATE ZONE , interface Fa0/1 works in PUBLIC ZONE and interface Fa1/0 works in DMZ ZONE.

The following steps are required for configure ZFW in IOS Firewall (R2)…                                                  

1.  Define Zone
      2.  Define Zone Pair
      3.  Define Class Map for identify traffic
      4.  Define a Policy Map to apply action to the traffic in a class map
      5.  Apply Policy Map
      6.  Assign interface of Firewall to zones

I hope that my new article helpful for you.




0 comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...

Hackarde's Search Engine- Search Hacking Tutorial,Tool and eBook

Loading
 
HACKARDE © 2011 | Designed by HrDe